RubyGems - grpc - Versions diffs - 1.55.0 → 1.56.2 - Mend

grpc 1.55.0 → 1.56.2

Files changed (395) hide show

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h CHANGED Viewed

@@ -91,6 +91,8 @@ extern "C" {
 // be the largest fields anyone plausibly uses.
 #define EC_MAX_BYTES 66
 #define EC_MAX_WORDS ((EC_MAX_BYTES + BN_BYTES - 1) / BN_BYTES)
+#define EC_MAX_COMPRESSED (EC_MAX_BYTES + 1)
+#define EC_MAX_UNCOMPRESSED (2 * EC_MAX_BYTES + 1)
 static_assert(EC_MAX_WORDS <= BN_SMALL_MAX_WORDS,
               "bn_*_small functions not usable");
@@ -119,8 +121,8 @@ OPENSSL_EXPORT void ec_scalar_to_bytes(const EC_GROUP *group, uint8_t *out,
 // ec_scalar_from_bytes deserializes |in| and stores the resulting scalar over
 // group |group| to |out|. It returns one on success and zero if |in| is
 // invalid.
-int ec_scalar_from_bytes(const EC_GROUP *group, EC_SCALAR *out,
-                         const uint8_t *in, size_t len);
+OPENSSL_EXPORT int ec_scalar_from_bytes(const EC_GROUP *group, EC_SCALAR *out,
+                                        const uint8_t *in, size_t len);
 // ec_scalar_reduce sets |out| to |words|, reduced modulo the group order.
 // |words| must be less than order^2. |num| must be at most twice the width of
@@ -241,16 +243,14 @@ int ec_felem_equal(const EC_GROUP *group, const EC_FELEM *a, const EC_FELEM *b);
 // Points.
 //
 // Points may represented in affine coordinates as |EC_AFFINE| or Jacobian
-// coordinates as |EC_RAW_POINT|. Affine coordinates directly represent a
+// coordinates as |EC_JACOBIAN|. Affine coordinates directly represent a
 // point on the curve, but point addition over affine coordinates requires
 // costly field inversions, so arithmetic is done in Jacobian coordinates.
 // Converting from affine to Jacobian is cheap, while converting from Jacobian
 // to affine costs a field inversion. (Jacobian coordinates amortize the field
 // inversions needed in a sequence of point operations.)
-//
-// TODO(davidben): Rename |EC_RAW_POINT| to |EC_JACOBIAN|.
-// An EC_RAW_POINT represents an elliptic curve point in Jacobian coordinates.
+// An EC_JACOBIAN represents an elliptic curve point in Jacobian coordinates.
 // Unlike |EC_POINT|, it is a plain struct which can be stack-allocated and
 // needs no cleanup. It is specific to an |EC_GROUP| and must not be mixed
 // between groups.
@@ -258,7 +258,7 @@ typedef struct {
   // X, Y, and Z are Jacobian projective coordinates. They represent
   // (X/Z^2, Y/Z^3) if Z != 0 and the point at infinity otherwise.
   EC_FELEM X, Y, Z;
-} EC_RAW_POINT;
+} EC_JACOBIAN;
 // An EC_AFFINE represents an elliptic curve point in affine coordinates.
 // coordinates. Note the point at infinity cannot be represented in affine
@@ -269,7 +269,7 @@ typedef struct {
 // ec_affine_to_jacobian converts |p| to Jacobian form and writes the result to
 // |*out|. This operation is very cheap and only costs a few copies.
-void ec_affine_to_jacobian(const EC_GROUP *group, EC_RAW_POINT *out,
+void ec_affine_to_jacobian(const EC_GROUP *group, EC_JACOBIAN *out,
                            const EC_AFFINE *p);
 // ec_jacobian_to_affine converts |p| to affine form and writes the result to
@@ -279,8 +279,8 @@ void ec_affine_to_jacobian(const EC_GROUP *group, EC_RAW_POINT *out,
 //
 // If only extracting the x-coordinate, use |ec_get_x_coordinate_*| which is
 // slightly faster.
-int ec_jacobian_to_affine(const EC_GROUP *group, EC_AFFINE *out,
-                          const EC_RAW_POINT *p);
+OPENSSL_EXPORT int ec_jacobian_to_affine(const EC_GROUP *group, EC_AFFINE *out,
+                                         const EC_JACOBIAN *p);
 // ec_jacobian_to_affine_batch converts |num| points in |in| from Jacobian
 // coordinates to affine coordinates and writes the results to |out|. It returns
@@ -289,7 +289,7 @@ int ec_jacobian_to_affine(const EC_GROUP *group, EC_AFFINE *out,
 // This function is not implemented for all curves. Add implementations as
 // needed.
 int ec_jacobian_to_affine_batch(const EC_GROUP *group, EC_AFFINE *out,
-                                const EC_RAW_POINT *in, size_t num);
+                                const EC_JACOBIAN *in, size_t num);
 // ec_point_set_affine_coordinates sets |out|'s to a point with affine
 // coordinates |x| and |y|. It returns one if the point is on the curve and
@@ -307,12 +307,12 @@ int ec_point_mul_no_self_test(const EC_GROUP *group, EC_POINT *r,
 // ec_point_mul_scalar sets |r| to |p| * |scalar|. Both inputs are considered
 // secret.
-int ec_point_mul_scalar(const EC_GROUP *group, EC_RAW_POINT *r,
-                        const EC_RAW_POINT *p, const EC_SCALAR *scalar);
+int ec_point_mul_scalar(const EC_GROUP *group, EC_JACOBIAN *r,
+                        const EC_JACOBIAN *p, const EC_SCALAR *scalar);
 // ec_point_mul_scalar_base sets |r| to generator * |scalar|. |scalar| is
 // treated as secret.
-int ec_point_mul_scalar_base(const EC_GROUP *group, EC_RAW_POINT *r,
+int ec_point_mul_scalar_base(const EC_GROUP *group, EC_JACOBIAN *r,
                              const EC_SCALAR *scalar);
 // ec_point_mul_scalar_batch sets |r| to |p0| * |scalar0| + |p1| * |scalar1| +
@@ -333,10 +333,10 @@ int ec_point_mul_scalar_base(const EC_GROUP *group, EC_RAW_POINT *r,
 // none. If generalizing to tuned curves, this may be useful. However, we still
 // must double up to the least efficient input, so precomputed tables can only
 // save table setup and allow a wider window size.
-int ec_point_mul_scalar_batch(const EC_GROUP *group, EC_RAW_POINT *r,
-                              const EC_RAW_POINT *p0, const EC_SCALAR *scalar0,
-                              const EC_RAW_POINT *p1, const EC_SCALAR *scalar1,
-                              const EC_RAW_POINT *p2, const EC_SCALAR *scalar2);
+int ec_point_mul_scalar_batch(const EC_GROUP *group, EC_JACOBIAN *r,
+                              const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
+                              const EC_JACOBIAN *p1, const EC_SCALAR *scalar1,
+                              const EC_JACOBIAN *p2, const EC_SCALAR *scalar2);
 #define EC_MONT_PRECOMP_COMB_SIZE 5
@@ -355,7 +355,7 @@ typedef union {
 // This function is not implemented for all curves. Add implementations as
 // needed.
 int ec_init_precomp(const EC_GROUP *group, EC_PRECOMP *out,
-                    const EC_RAW_POINT *p);
+                    const EC_JACOBIAN *p);
 // ec_point_mul_scalar_precomp sets |r| to |p0| * |scalar0| + |p1| * |scalar1| +
 // |p2| * |scalar2|. |p1| or |p2| may be NULL to skip the corresponding term.
@@ -379,7 +379,7 @@ int ec_init_precomp(const EC_GROUP *group, EC_PRECOMP *out,
 // none. If generalizing to tuned curves, we should add a parameter for the base
 // point and arrange for the generic implementation to have base point tables
 // available.
-int ec_point_mul_scalar_precomp(const EC_GROUP *group, EC_RAW_POINT *r,
+int ec_point_mul_scalar_precomp(const EC_GROUP *group, EC_JACOBIAN *r,
                                 const EC_PRECOMP *p0, const EC_SCALAR *scalar0,
                                 const EC_PRECOMP *p1, const EC_SCALAR *scalar1,
                                 const EC_PRECOMP *p2, const EC_SCALAR *scalar2);
@@ -388,9 +388,9 @@ int ec_point_mul_scalar_precomp(const EC_GROUP *group, EC_RAW_POINT *r,
 // generator * |g_scalar| + |p| * |p_scalar|. It assumes that the inputs are
 // public so there is no concern about leaking their values through timing.
 OPENSSL_EXPORT int ec_point_mul_scalar_public(const EC_GROUP *group,
-                                              EC_RAW_POINT *r,
+                                              EC_JACOBIAN *r,
                                               const EC_SCALAR *g_scalar,
-                                              const EC_RAW_POINT *p,
+                                              const EC_JACOBIAN *p,
                                               const EC_SCALAR *p_scalar);
 // ec_point_mul_scalar_public_batch sets |r| to the sum of generator *
@@ -401,15 +401,15 @@ OPENSSL_EXPORT int ec_point_mul_scalar_public(const EC_GROUP *group,
 //
 // This function is not implemented for all curves. Add implementations as
 // needed.
-int ec_point_mul_scalar_public_batch(const EC_GROUP *group, EC_RAW_POINT *r,
+int ec_point_mul_scalar_public_batch(const EC_GROUP *group, EC_JACOBIAN *r,
                                      const EC_SCALAR *g_scalar,
-                                     const EC_RAW_POINT *points,
+                                     const EC_JACOBIAN *points,
                                      const EC_SCALAR *scalars, size_t num);
 // ec_point_select, in constant time, sets |out| to |a| if |mask| is all ones
 // and |b| if |mask| is all zeros.
-void ec_point_select(const EC_GROUP *group, EC_RAW_POINT *out, BN_ULONG mask,
-                     const EC_RAW_POINT *a, const EC_RAW_POINT *b);
+void ec_point_select(const EC_GROUP *group, EC_JACOBIAN *out, BN_ULONG mask,
+                     const EC_JACOBIAN *a, const EC_JACOBIAN *b);
 // ec_affine_select behaves like |ec_point_select| but acts on affine points.
 void ec_affine_select(const EC_GROUP *group, EC_AFFINE *out, BN_ULONG mask,
@@ -422,14 +422,14 @@ void ec_precomp_select(const EC_GROUP *group, EC_PRECOMP *out, BN_ULONG mask,
 // ec_cmp_x_coordinate compares the x (affine) coordinate of |p|, mod the group
 // order, with |r|. It returns one if the values match and zero if |p| is the
 // point at infinity of the values do not match.
-int ec_cmp_x_coordinate(const EC_GROUP *group, const EC_RAW_POINT *p,
+int ec_cmp_x_coordinate(const EC_GROUP *group, const EC_JACOBIAN *p,
                         const EC_SCALAR *r);
 // ec_get_x_coordinate_as_scalar sets |*out| to |p|'s x-coordinate, modulo
 // |group->order|. It returns one on success and zero if |p| is the point at
 // infinity.
 int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
-                                  const EC_RAW_POINT *p);
+                                  const EC_JACOBIAN *p);
 // ec_get_x_coordinate_as_bytes writes |p|'s affine x-coordinate to |out|, which
 // must have at must |max_out| bytes. It sets |*out_len| to the number of bytes
@@ -437,7 +437,7 @@ int ec_get_x_coordinate_as_scalar(const EC_GROUP *group, EC_SCALAR *out,
 // field. This function returns one on success and zero on failure.
 int ec_get_x_coordinate_as_bytes(const EC_GROUP *group, uint8_t *out,
                                  size_t *out_len, size_t max_out,
-                                 const EC_RAW_POINT *p);
+                                 const EC_JACOBIAN *p);
 // ec_point_byte_len returns the number of bytes in the byte representation of
 // a non-infinity point in |group|, encoded according to |form|, or zero if
@@ -461,12 +461,12 @@ int ec_point_from_uncompressed(const EC_GROUP *group, EC_AFFINE *out,
 // ec_set_to_safe_point sets |out| to an arbitrary point on |group|, either the
 // generator or the point at infinity. This is used to guard against callers of
 // external APIs not checking the return value.
-void ec_set_to_safe_point(const EC_GROUP *group, EC_RAW_POINT *out);
+void ec_set_to_safe_point(const EC_GROUP *group, EC_JACOBIAN *out);
 // ec_affine_jacobian_equal returns one if |a| and |b| represent the same point
 // and zero otherwise. It treats both inputs as secret.
 int ec_affine_jacobian_equal(const EC_GROUP *group, const EC_AFFINE *a,
-                             const EC_RAW_POINT *b);
+                             const EC_JACOBIAN *b);
 // Implementation details.
@@ -480,48 +480,48 @@ struct ec_method_st {
   // point_get_affine_coordinates sets |*x| and |*y| to the affine coordinates
   // of |p|. Either |x| or |y| may be NULL to omit it. It returns one on success
   // and zero if |p| is the point at infinity.
-  int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_RAW_POINT *p,
+  int (*point_get_affine_coordinates)(const EC_GROUP *, const EC_JACOBIAN *p,
                                       EC_FELEM *x, EC_FELEM *y);
   // jacobian_to_affine_batch implements |ec_jacobian_to_affine_batch|.
   int (*jacobian_to_affine_batch)(const EC_GROUP *group, EC_AFFINE *out,
-                                  const EC_RAW_POINT *in, size_t num);
+                                  const EC_JACOBIAN *in, size_t num);
   // add sets |r| to |a| + |b|.
-  void (*add)(const EC_GROUP *group, EC_RAW_POINT *r, const EC_RAW_POINT *a,
-              const EC_RAW_POINT *b);
+  void (*add)(const EC_GROUP *group, EC_JACOBIAN *r, const EC_JACOBIAN *a,
+              const EC_JACOBIAN *b);
   // dbl sets |r| to |a| + |a|.
-  void (*dbl)(const EC_GROUP *group, EC_RAW_POINT *r, const EC_RAW_POINT *a);
+  void (*dbl)(const EC_GROUP *group, EC_JACOBIAN *r, const EC_JACOBIAN *a);
   // mul sets |r| to |scalar|*|p|.
-  void (*mul)(const EC_GROUP *group, EC_RAW_POINT *r, const EC_RAW_POINT *p,
+  void (*mul)(const EC_GROUP *group, EC_JACOBIAN *r, const EC_JACOBIAN *p,
               const EC_SCALAR *scalar);
   // mul_base sets |r| to |scalar|*generator.
-  void (*mul_base)(const EC_GROUP *group, EC_RAW_POINT *r,
+  void (*mul_base)(const EC_GROUP *group, EC_JACOBIAN *r,
                    const EC_SCALAR *scalar);
   // mul_batch implements |ec_mul_scalar_batch|.
-  void (*mul_batch)(const EC_GROUP *group, EC_RAW_POINT *r,
-                    const EC_RAW_POINT *p0, const EC_SCALAR *scalar0,
-                    const EC_RAW_POINT *p1, const EC_SCALAR *scalar1,
-                    const EC_RAW_POINT *p2, const EC_SCALAR *scalar2);
+  void (*mul_batch)(const EC_GROUP *group, EC_JACOBIAN *r,
+                    const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
+                    const EC_JACOBIAN *p1, const EC_SCALAR *scalar1,
+                    const EC_JACOBIAN *p2, const EC_SCALAR *scalar2);
   // mul_public sets |r| to |g_scalar|*generator + |p_scalar|*|p|. It assumes
   // that the inputs are public so there is no concern about leaking their
   // values through timing.
   //
   // This function may be omitted if |mul_public_batch| is provided.
-  void (*mul_public)(const EC_GROUP *group, EC_RAW_POINT *r,
-                     const EC_SCALAR *g_scalar, const EC_RAW_POINT *p,
+  void (*mul_public)(const EC_GROUP *group, EC_JACOBIAN *r,
+                     const EC_SCALAR *g_scalar, const EC_JACOBIAN *p,
                      const EC_SCALAR *p_scalar);
   // mul_public_batch implements |ec_point_mul_scalar_public_batch|.
-  int (*mul_public_batch)(const EC_GROUP *group, EC_RAW_POINT *r,
-                          const EC_SCALAR *g_scalar, const EC_RAW_POINT *points,
+  int (*mul_public_batch)(const EC_GROUP *group, EC_JACOBIAN *r,
+                          const EC_SCALAR *g_scalar, const EC_JACOBIAN *points,
                           const EC_SCALAR *scalars, size_t num);
   // init_precomp implements |ec_init_precomp|.
   int (*init_precomp)(const EC_GROUP *group, EC_PRECOMP *out,
-                      const EC_RAW_POINT *p);
+                      const EC_JACOBIAN *p);
   // mul_precomp implements |ec_point_mul_scalar_precomp|.
-  void (*mul_precomp)(const EC_GROUP *group, EC_RAW_POINT *r,
+  void (*mul_precomp)(const EC_GROUP *group, EC_JACOBIAN *r,
                       const EC_PRECOMP *p0, const EC_SCALAR *scalar0,
                       const EC_PRECOMP *p1, const EC_SCALAR *scalar1,
                       const EC_PRECOMP *p2, const EC_SCALAR *scalar2);
@@ -581,7 +581,7 @@ struct ec_method_st {
   // cmp_x_coordinate compares the x (affine) coordinate of |p|, mod the group
   // order, with |r|. It returns one if the values match and zero if |p| is the
   // point at infinity of the values do not match.
-  int (*cmp_x_coordinate)(const EC_GROUP *group, const EC_RAW_POINT *p,
+  int (*cmp_x_coordinate)(const EC_GROUP *group, const EC_JACOBIAN *p,
                           const EC_SCALAR *r);
 } /* EC_METHOD */;
@@ -635,24 +635,24 @@ struct ec_point_st {
   EC_GROUP *group;
   // raw is the group-specific point data. Functions that take |EC_POINT|
   // typically check consistency with |EC_GROUP| while functions that take
-  // |EC_RAW_POINT| do not. Thus accesses to this field should be externally
+  // |EC_JACOBIAN| do not. Thus accesses to this field should be externally
   // checked for consistency.
-  EC_RAW_POINT raw;
+  EC_JACOBIAN raw;
 } /* EC_POINT */;
 EC_GROUP *ec_group_new(const EC_METHOD *meth);
-void ec_GFp_mont_mul(const EC_GROUP *group, EC_RAW_POINT *r,
-                     const EC_RAW_POINT *p, const EC_SCALAR *scalar);
-void ec_GFp_mont_mul_base(const EC_GROUP *group, EC_RAW_POINT *r,
+void ec_GFp_mont_mul(const EC_GROUP *group, EC_JACOBIAN *r,
+                     const EC_JACOBIAN *p, const EC_SCALAR *scalar);
+void ec_GFp_mont_mul_base(const EC_GROUP *group, EC_JACOBIAN *r,
                           const EC_SCALAR *scalar);
-void ec_GFp_mont_mul_batch(const EC_GROUP *group, EC_RAW_POINT *r,
-                           const EC_RAW_POINT *p0, const EC_SCALAR *scalar0,
-                           const EC_RAW_POINT *p1, const EC_SCALAR *scalar1,
-                           const EC_RAW_POINT *p2, const EC_SCALAR *scalar2);
+void ec_GFp_mont_mul_batch(const EC_GROUP *group, EC_JACOBIAN *r,
+                           const EC_JACOBIAN *p0, const EC_SCALAR *scalar0,
+                           const EC_JACOBIAN *p1, const EC_SCALAR *scalar1,
+                           const EC_JACOBIAN *p2, const EC_SCALAR *scalar2);
 int ec_GFp_mont_init_precomp(const EC_GROUP *group, EC_PRECOMP *out,
-                             const EC_RAW_POINT *p);
-void ec_GFp_mont_mul_precomp(const EC_GROUP *group, EC_RAW_POINT *r,
+                             const EC_JACOBIAN *p);
+void ec_GFp_mont_mul_precomp(const EC_GROUP *group, EC_JACOBIAN *r,
                              const EC_PRECOMP *p0, const EC_SCALAR *scalar0,
                              const EC_PRECOMP *p1, const EC_SCALAR *scalar1,
                              const EC_PRECOMP *p2, const EC_SCALAR *scalar2);
@@ -673,9 +673,9 @@ void ec_GFp_mont_felem_exp(const EC_GROUP *group, EC_FELEM *out,
 void ec_compute_wNAF(const EC_GROUP *group, int8_t *out,
                      const EC_SCALAR *scalar, size_t bits, int w);
-int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_RAW_POINT *r,
+int ec_GFp_mont_mul_public_batch(const EC_GROUP *group, EC_JACOBIAN *r,
                                  const EC_SCALAR *g_scalar,
-                                 const EC_RAW_POINT *points,
+                                 const EC_JACOBIAN *points,
                                  const EC_SCALAR *scalars, size_t num);
 // method functions in simple.c
@@ -685,17 +685,17 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
                                   const BIGNUM *b, BN_CTX *);
 int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
                                   BIGNUM *b);
-void ec_GFp_simple_point_init(EC_RAW_POINT *);
-void ec_GFp_simple_point_copy(EC_RAW_POINT *, const EC_RAW_POINT *);
-void ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_RAW_POINT *);
-void ec_GFp_mont_add(const EC_GROUP *, EC_RAW_POINT *r, const EC_RAW_POINT *a,
-                     const EC_RAW_POINT *b);
-void ec_GFp_mont_dbl(const EC_GROUP *, EC_RAW_POINT *r, const EC_RAW_POINT *a);
-void ec_GFp_simple_invert(const EC_GROUP *, EC_RAW_POINT *);
-int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_RAW_POINT *);
-int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_RAW_POINT *);
-int ec_GFp_simple_points_equal(const EC_GROUP *, const EC_RAW_POINT *a,
-                               const EC_RAW_POINT *b);
+void ec_GFp_simple_point_init(EC_JACOBIAN *);
+void ec_GFp_simple_point_copy(EC_JACOBIAN *, const EC_JACOBIAN *);
+void ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_JACOBIAN *);
+void ec_GFp_mont_add(const EC_GROUP *, EC_JACOBIAN *r, const EC_JACOBIAN *a,
+                     const EC_JACOBIAN *b);
+void ec_GFp_mont_dbl(const EC_GROUP *, EC_JACOBIAN *r, const EC_JACOBIAN *a);
+void ec_GFp_simple_invert(const EC_GROUP *, EC_JACOBIAN *);
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_JACOBIAN *);
+int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_JACOBIAN *);
+int ec_GFp_simple_points_equal(const EC_GROUP *, const EC_JACOBIAN *a,
+                               const EC_JACOBIAN *b);
 void ec_simple_scalar_inv0_montgomery(const EC_GROUP *group, EC_SCALAR *r,
                                       const EC_SCALAR *a);
@@ -703,7 +703,7 @@ int ec_simple_scalar_to_montgomery_inv_vartime(const EC_GROUP *group,
                                                EC_SCALAR *r,
                                                const EC_SCALAR *a);
-int ec_GFp_simple_cmp_x_coordinate(const EC_GROUP *group, const EC_RAW_POINT *p,
+int ec_GFp_simple_cmp_x_coordinate(const EC_GROUP *group, const EC_JACOBIAN *p,
                                    const EC_SCALAR *r);
 void ec_GFp_simple_felem_to_bytes(const EC_GROUP *group, uint8_t *out,

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c CHANGED Viewed

@@ -320,8 +320,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
   }
   if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) {
-    unsigned long err = ERR_peek_last_error();
+    uint32_t err = ERR_peek_last_error();
     if (ERR_GET_LIB(err) == ERR_LIB_BN &&
         ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
       ERR_clear_error();

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c CHANGED Viewed

@@ -860,7 +860,7 @@ static crypto_word_t p224_get_bit(const EC_SCALAR *in, size_t i) {
 // Takes the Jacobian coordinates (X, Y, Z) of a point and returns
 // (X', Y') = (X/Z^2, Y/Z^3)
 static int ec_GFp_nistp224_point_get_affine_coordinates(
-    const EC_GROUP *group, const EC_RAW_POINT *point, EC_FELEM *x,
+    const EC_GROUP *group, const EC_JACOBIAN *point, EC_FELEM *x,
     EC_FELEM *y) {
   if (ec_GFp_simple_is_at_infinity(group, point)) {
     OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
@@ -895,8 +895,8 @@ static int ec_GFp_nistp224_point_get_affine_coordinates(
   return 1;
 }
-static void ec_GFp_nistp224_add(const EC_GROUP *group, EC_RAW_POINT *r,
-                                const EC_RAW_POINT *a, const EC_RAW_POINT *b) {
+static void ec_GFp_nistp224_add(const EC_GROUP *group, EC_JACOBIAN *r,
+                                const EC_JACOBIAN *a, const EC_JACOBIAN *b) {
   p224_felem x1, y1, z1, x2, y2, z2;
   p224_generic_to_felem(x1, &a->X);
   p224_generic_to_felem(y1, &a->Y);
@@ -911,8 +911,8 @@ static void ec_GFp_nistp224_add(const EC_GROUP *group, EC_RAW_POINT *r,
   p224_felem_to_generic(&r->Z, z1);
 }
-static void ec_GFp_nistp224_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
-                                const EC_RAW_POINT *a) {
+static void ec_GFp_nistp224_dbl(const EC_GROUP *group, EC_JACOBIAN *r,
+                                const EC_JACOBIAN *a) {
   p224_felem x, y, z;
   p224_generic_to_felem(x, &a->X);
   p224_generic_to_felem(y, &a->Y);
@@ -925,7 +925,7 @@ static void ec_GFp_nistp224_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
 }
 static void ec_GFp_nistp224_make_precomp(p224_felem out[17][3],
-                                         const EC_RAW_POINT *p) {
+                                         const EC_JACOBIAN *p) {
   OPENSSL_memset(out[0], 0, sizeof(p224_felem) * 3);
   p224_generic_to_felem(out[1][0], &p->X);
@@ -943,8 +943,8 @@ static void ec_GFp_nistp224_make_precomp(p224_felem out[17][3],
   }
 }
-static void ec_GFp_nistp224_point_mul(const EC_GROUP *group, EC_RAW_POINT *r,
-                                      const EC_RAW_POINT *p,
+static void ec_GFp_nistp224_point_mul(const EC_GROUP *group, EC_JACOBIAN *r,
+                                      const EC_JACOBIAN *p,
                                       const EC_SCALAR *scalar) {
   p224_felem p_pre_comp[17][3];
   ec_GFp_nistp224_make_precomp(p_pre_comp, p);
@@ -992,7 +992,7 @@ static void ec_GFp_nistp224_point_mul(const EC_GROUP *group, EC_RAW_POINT *r,
 }
 static void ec_GFp_nistp224_point_mul_base(const EC_GROUP *group,
-                                           EC_RAW_POINT *r,
+                                           EC_JACOBIAN *r,
                                            const EC_SCALAR *scalar) {
   // Set nq to the point at infinity.
   p224_felem nq[3], tmp[3];
@@ -1039,9 +1039,9 @@ static void ec_GFp_nistp224_point_mul_base(const EC_GROUP *group,
 }
 static void ec_GFp_nistp224_point_mul_public(const EC_GROUP *group,
-                                             EC_RAW_POINT *r,
+                                             EC_JACOBIAN *r,
                                              const EC_SCALAR *g_scalar,
-                                             const EC_RAW_POINT *p,
+                                             const EC_JACOBIAN *p,
                                              const EC_SCALAR *p_scalar) {
   // TODO(davidben): If P-224 ECDSA verify performance ever matters, using
   // |ec_compute_wNAF| for |p_scalar| would likely be an easy improvement.

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c CHANGED Viewed

@@ -187,7 +187,7 @@ static void ecp_nistz256_mod_inverse_sqr_mont(BN_ULONG r[P256_LIMBS],
 // r = p * p_scalar
 static void ecp_nistz256_windowed_mul(const EC_GROUP *group, P256_POINT *r,
-                                      const EC_RAW_POINT *p,
+                                      const EC_JACOBIAN *p,
                                       const EC_SCALAR *p_scalar) {
   assert(p != NULL);
   assert(p_scalar != NULL);
@@ -299,8 +299,8 @@ static crypto_word_t calc_wvalue(size_t *index, const uint8_t p_str[33]) {
   return booth_recode_w7(wvalue);
 }
-static void ecp_nistz256_point_mul(const EC_GROUP *group, EC_RAW_POINT *r,
-                                   const EC_RAW_POINT *p,
+static void ecp_nistz256_point_mul(const EC_GROUP *group, EC_JACOBIAN *r,
+                                   const EC_JACOBIAN *p,
                                    const EC_SCALAR *scalar) {
   alignas(32) P256_POINT out;
   ecp_nistz256_windowed_mul(group, &out, p, scalar);
@@ -311,7 +311,7 @@ static void ecp_nistz256_point_mul(const EC_GROUP *group, EC_RAW_POINT *r,
   OPENSSL_memcpy(r->Z.words, out.Z, P256_LIMBS * sizeof(BN_ULONG));
 }
-static void ecp_nistz256_point_mul_base(const EC_GROUP *group, EC_RAW_POINT *r,
+static void ecp_nistz256_point_mul_base(const EC_GROUP *group, EC_JACOBIAN *r,
                                         const EC_SCALAR *scalar) {
   uint8_t p_str[33];
   OPENSSL_memcpy(p_str, scalar->words, 32);
@@ -356,9 +356,9 @@ static void ecp_nistz256_point_mul_base(const EC_GROUP *group, EC_RAW_POINT *r,
 }
 static void ecp_nistz256_points_mul_public(const EC_GROUP *group,
-                                           EC_RAW_POINT *r,
+                                           EC_JACOBIAN *r,
                                            const EC_SCALAR *g_scalar,
-                                           const EC_RAW_POINT *p_,
+                                           const EC_JACOBIAN *p_,
                                            const EC_SCALAR *p_scalar) {
   assert(p_ != NULL && p_scalar != NULL && g_scalar != NULL);
@@ -420,7 +420,7 @@ static void ecp_nistz256_points_mul_public(const EC_GROUP *group,
 }
 static int ecp_nistz256_get_affine(const EC_GROUP *group,
-                                   const EC_RAW_POINT *point, EC_FELEM *x,
+                                   const EC_JACOBIAN *point, EC_FELEM *x,
                                    EC_FELEM *y) {
   if (ec_GFp_simple_is_at_infinity(group, point)) {
     OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
@@ -444,8 +444,8 @@ static int ecp_nistz256_get_affine(const EC_GROUP *group,
   return 1;
 }
-static void ecp_nistz256_add(const EC_GROUP *group, EC_RAW_POINT *r,
-                             const EC_RAW_POINT *a_, const EC_RAW_POINT *b_) {
+static void ecp_nistz256_add(const EC_GROUP *group, EC_JACOBIAN *r,
+                             const EC_JACOBIAN *a_, const EC_JACOBIAN *b_) {
   P256_POINT a, b;
   OPENSSL_memcpy(a.X, a_->X.words, P256_LIMBS * sizeof(BN_ULONG));
   OPENSSL_memcpy(a.Y, a_->Y.words, P256_LIMBS * sizeof(BN_ULONG));
@@ -459,8 +459,8 @@ static void ecp_nistz256_add(const EC_GROUP *group, EC_RAW_POINT *r,
   OPENSSL_memcpy(r->Z.words, a.Z, P256_LIMBS * sizeof(BN_ULONG));
 }
-static void ecp_nistz256_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
-                             const EC_RAW_POINT *a_) {
+static void ecp_nistz256_dbl(const EC_GROUP *group, EC_JACOBIAN *r,
+                             const EC_JACOBIAN *a_) {
   P256_POINT a;
   OPENSSL_memcpy(a.X, a_->X.words, P256_LIMBS * sizeof(BN_ULONG));
   OPENSSL_memcpy(a.Y, a_->Y.words, P256_LIMBS * sizeof(BN_ULONG));
@@ -573,7 +573,7 @@ static int ecp_nistz256_scalar_to_montgomery_inv_vartime(const EC_GROUP *group,
 }
 static int ecp_nistz256_cmp_x_coordinate(const EC_GROUP *group,
-                                         const EC_RAW_POINT *p,
+                                         const EC_JACOBIAN *p,
                                          const EC_SCALAR *r) {
   if (ec_GFp_simple_is_at_infinity(group, p)) {
     return 0;

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c CHANGED Viewed

@@ -31,8 +31,9 @@
 #include "./internal.h"
 #if defined(BORINGSSL_HAS_UINT128)
-#define BORINGSSL_NISTP256_64BIT 1
 #include "../../../third_party/fiat/p256_64.h"
+#elif defined(OPENSSL_64_BIT)
+#include "../../../third_party/fiat/p256_64_msvc.h"
 #else
 #include "../../../third_party/fiat/p256_32.h"
 #endif
@@ -40,7 +41,7 @@
 // utility functions, handwritten
-#if defined(BORINGSSL_NISTP256_64BIT)
+#if defined(OPENSSL_64_BIT)
 #define FIAT_P256_NLIMBS 4
 typedef uint64_t fiat_p256_limb_t;
 typedef uint64_t fiat_p256_felem[FIAT_P256_NLIMBS];
@@ -413,7 +414,7 @@ static crypto_word_t fiat_p256_get_bit(const EC_SCALAR *in, int i) {
 // Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') =
 // (X/Z^2, Y/Z^3).
 static int ec_GFp_nistp256_point_get_affine_coordinates(
-    const EC_GROUP *group, const EC_RAW_POINT *point, EC_FELEM *x_out,
+    const EC_GROUP *group, const EC_JACOBIAN *point, EC_FELEM *x_out,
     EC_FELEM *y_out) {
   if (ec_GFp_simple_is_at_infinity(group, point)) {
     OPENSSL_PUT_ERROR(EC, EC_R_POINT_AT_INFINITY);
@@ -443,8 +444,8 @@ static int ec_GFp_nistp256_point_get_affine_coordinates(
   return 1;
 }
-static void ec_GFp_nistp256_add(const EC_GROUP *group, EC_RAW_POINT *r,
-                                const EC_RAW_POINT *a, const EC_RAW_POINT *b) {
+static void ec_GFp_nistp256_add(const EC_GROUP *group, EC_JACOBIAN *r,
+                                const EC_JACOBIAN *a, const EC_JACOBIAN *b) {
   fiat_p256_felem x1, y1, z1, x2, y2, z2;
   fiat_p256_from_generic(x1, &a->X);
   fiat_p256_from_generic(y1, &a->Y);
@@ -459,8 +460,8 @@ static void ec_GFp_nistp256_add(const EC_GROUP *group, EC_RAW_POINT *r,
   fiat_p256_to_generic(&r->Z, z1);
 }
-static void ec_GFp_nistp256_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
-                                const EC_RAW_POINT *a) {
+static void ec_GFp_nistp256_dbl(const EC_GROUP *group, EC_JACOBIAN *r,
+                                const EC_JACOBIAN *a) {
   fiat_p256_felem x, y, z;
   fiat_p256_from_generic(x, &a->X);
   fiat_p256_from_generic(y, &a->Y);
@@ -471,8 +472,8 @@ static void ec_GFp_nistp256_dbl(const EC_GROUP *group, EC_RAW_POINT *r,
   fiat_p256_to_generic(&r->Z, z);
 }
-static void ec_GFp_nistp256_point_mul(const EC_GROUP *group, EC_RAW_POINT *r,
-                                      const EC_RAW_POINT *p,
+static void ec_GFp_nistp256_point_mul(const EC_GROUP *group, EC_JACOBIAN *r,
+                                      const EC_JACOBIAN *p,
                                       const EC_SCALAR *scalar) {
   fiat_p256_felem p_pre_comp[17][3];
   OPENSSL_memset(&p_pre_comp, 0, sizeof(p_pre_comp));
@@ -539,7 +540,7 @@ static void ec_GFp_nistp256_point_mul(const EC_GROUP *group, EC_RAW_POINT *r,
 }
 static void ec_GFp_nistp256_point_mul_base(const EC_GROUP *group,
-                                           EC_RAW_POINT *r,
+                                           EC_JACOBIAN *r,
                                            const EC_SCALAR *scalar) {
   // Set nq to the point at infinity.
   fiat_p256_felem nq[3] = {{0}, {0}, {0}}, tmp[3];
@@ -587,9 +588,9 @@ static void ec_GFp_nistp256_point_mul_base(const EC_GROUP *group,
 }
 static void ec_GFp_nistp256_point_mul_public(const EC_GROUP *group,
-                                             EC_RAW_POINT *r,
+                                             EC_JACOBIAN *r,
                                              const EC_SCALAR *g_scalar,
-                                             const EC_RAW_POINT *p,
+                                             const EC_JACOBIAN *p,
                                              const EC_SCALAR *p_scalar) {
 #define P256_WSIZE_PUBLIC 4
   // Precompute multiples of |p|. p_pre_comp[i] is (2*i+1) * |p|.
@@ -679,7 +680,7 @@ static void ec_GFp_nistp256_point_mul_public(const EC_GROUP *group,
 }
 static int ec_GFp_nistp256_cmp_x_coordinate(const EC_GROUP *group,
-                                            const EC_RAW_POINT *p,
+                                            const EC_JACOBIAN *p,
                                             const EC_SCALAR *r) {
   if (ec_GFp_simple_is_at_infinity(group, p)) {
     return 0;
@@ -748,5 +749,3 @@ DEFINE_METHOD_FUNCTION(EC_METHOD, EC_GFp_nistp256_method) {
       ec_simple_scalar_to_montgomery_inv_vartime;
   out->cmp_x_coordinate = ec_GFp_nistp256_cmp_x_coordinate;
 }
-#undef BORINGSSL_NISTP256_64BIT

data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h CHANGED Viewed

@@ -50,7 +50,7 @@
 // Tables for other points have table[i] = iG for i in 0 .. 16.
 // fiat_p256_g_pre_comp is the table of precomputed base points
-#if defined(BORINGSSL_NISTP256_64BIT)
+#if defined(OPENSSL_64_BIT)
 static const fiat_p256_felem fiat_p256_g_pre_comp[2][15][2] = {
     {{{0x79e730d418a9143c, 0x75ba95fc5fedb601, 0x79fb732b77622510,
        0x18905f76a53755c6},